stackoom
  简体   繁体   中英

basic authentication with Node.js and restify

 原文  2014-04-10 15:14:23       javascript/ node.js/ basic-authentication/ restify

Question

I'm currently developing a RESTful web service with NodeJS and restify .

I have everything up and running with node-mysql for the database, but I also would like to implement HTTP Basic authentication.

I only did this once with Apache and an .htaccess file.

But here the webserver comes with restify and I start it like this: 

var server = restify.createServer({
  name: 'my webservice'
});

There is a Authentication Parser Plugin listed in the restify documentation ( http://mcavage.me/node-restify/#Bundled-Plugins ) but I can't figure out how to use it.

The req.username value is always set to anonymous, even when I use http://user:pass@url... .

The best thing would be if I could use it with a .htpasswd file to store/access the user and pass.

Does anyone know how to implement this with restify or another module?

4 answers

solution1
 6  2014-04-12 23:05:15

Finally I found a way to do it without any additional modules.

First I send the correkt header: 

var auth = req.headers['authorization'];
res.statusCode = 401;
res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
res.end('need creds');

Then I check the user and pass and if its ok then send the correct status code 

res.statusCode = 200;  // OK

If the password is not correct: 

  res.statusCode = 401; // Force them to retry authentication
  res.setHeader('WWW-Authenticate', 'Basic realm="Secure Area"');
  res.end('<html><body>You shall not pass</body></html>');

This works pretty well. I only have some trouble to read the .htpasswd and the crypted password. Does anyone know how I can check a plain password against a .htpasswd file?

solution2
 1  2014-04-10 15:22:56

Have a look at Passport.js . It supports Basic HTTP as one of the authentication schemes.

solution3
 0  2014-04-10 15:25:28

The req.username value is always set to anonymous, even when I use http: //user:pass@url....

The documentation seems to suggest that it expects the credentials in the header not in the url, you might need to use Curl or some other tool besides a browser to make headers with authorization headers.

solution4
 -4  2014-04-10 15:25:38

With express you can do something like this: 

var auth = express.basicAuth(function(user, pass) {
    return (user == "admin" && pass == "1234");
},'Super duper secret area');

app.get('/test', auth, function(req, res){
    ...
});

expressjs.com

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Basic node.js express authentication not working https request basic authentication node.js MySQL DB Pool with Node.js and Restify Upload progress with Node.js Restify Node.js Very Basic Local Authentication using Express Sessions Node.js http post request with basic authentication Basic Authentication for HTTP request in AWS Lambda node.js node.js pipe restify http client response What is the difference between node.js request and restify client? Where to put return next() properly in Restify module in node.js?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM